4

Windows Defender very quickly popped up a notification saying it has taken action to prevent against malware. I need to know the details. This happened while I was downloading pictures from Google Photos, but I also have a hunch that a program I recently installed to improved privacy on Windows 10 warned it sometimes gets flagged as malware.

To be clear I'd like to know which file was detected, if it was deleted or quarantined, and which virus it was detected as.

Improve this question
1
  • The history tab allows you to see the allowed,detected, and quarantined items.
    – Ramhound
    Commented Sep 22, 2016 at 12:10

1 Answer 1

Reset to default
6

Windows Defender popped up a notification - I need to know the details

I'd like to know which file was detected, if it was deleted or quarantined, and which virus it was detected as.

Looks in the Windows Event Logs for:

  • Event ID: 1006 - MALWAREPROTECTION_MALWARE_DETECTED

    The antimalware engine found malware or other potentially unwanted software.

  • Event ID: 1007 - MALWAREPROTECTION_MALWARE_ACTION_TAKEN

    The antimalware platform performed an action to protect your system from malware or other potentially unwanted software.

  • Event ID: 1116 - MALWAREPROTECTION_STATE_MALWARE_DETECTED

    The antimalware platform detected malware or other potentially unwanted software.

  • Event ID: 1117 - MALWAREPROTECTION_STATE_MALWARE_ACTION_TAKEN

    The antimalware platform performed an action to protect your system from malware or other potentially unwanted software.

See below for complete instructions.

Troubleshoot Windows Defender in Windows 10

Windows Defender client event IDs

This section provides the following information about Windows Defender client events:

  • The text of the message as it appears in the event
  • The name of the source of the message
  • The symbolic name that identifies each message in the programming source code
  • Additional information about the message

Use the information in this table to help troubleshoot Windows Defender client events; these are located in the Windows Event Viewer, under Windows Logs.

To view a Windows Defender client event

  1. Open Event Viewer.
  2. In the console tree, expand Applications and Services Logs, then Microsoft, then Windows, then Windows Defender.
  3. Double-click on Operational.
  4. In the details pane, view the list of individual events to find your event.
  5. Click the event to see specific details about an event in the lower pane, under the General and Details tabs.

...

enter image description here

enter image description here

enter image description here

enter image description here

enter image description here

Source Troubleshoot Windows Defender in Windows 10

Improve this answer
0

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .